From 309d4d01f174a96dd5ac7d71debb5c56049ebc9f Mon Sep 17 00:00:00 2001
From: Emmanuel Engelhart <kelson@kiwix.org>
Date: Sun, 30 Nov 2025 17:29:20 +0100
Subject: [PATCH 1/3] /data per default writable

---
 docker/server/Dockerfile | 1 +
 1 file changed, 1 insertion(+)

diff --git a/docker/server/Dockerfile b/docker/server/Dockerfile
index 03bdb73..10b4c6d 100644
--- a/docker/server/Dockerfile
+++ b/docker/server/Dockerfile
@@ -11,6 +11,7 @@ WORKDIR /data
 
 # running as a named unprivileged user
 RUN addgroup -S user && adduser -S user -G user
+RUN chown user:user /data
 USER user
 
 COPY ./start.sh /usr/local/bin/

From 0232f0a95f965c7fa3bcc99ab98feddd17ebad08 Mon Sep 17 00:00:00 2001
From: Emmanuel Engelhart <kelson@kiwix.org>
Date: Sun, 30 Nov 2025 17:37:02 +0100
Subject: [PATCH 2/3] Check if /data is writable

---
 docker/server/start.sh | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/docker/server/start.sh b/docker/server/start.sh
index 75ba3eb..4abc411 100755
--- a/docker/server/start.sh
+++ b/docker/server/start.sh
@@ -3,6 +3,14 @@
 # Download if necessary a file
 if [ ! -z "$DOWNLOAD" ]
 then
+    # Check if /data is writable
+    if [ ! -w /data ]
+    then
+        echo "Data directory (mounted) at '/data' is not writable for container user 'user:user', ZIM file can not be written."
+        exit 1
+    fi
+
+    # Dwonload ZIM file
     ZIM=`basename $DOWNLOAD`
     wget $DOWNLOAD -O "$ZIM"
 

From 81d9a6cc02e63fb09373669f34d5e93f02cc544e Mon Sep 17 00:00:00 2001
From: rgaudin <reg@rskg.org>
Date: Mon, 1 Dec 2025 09:38:29 +0000
Subject: [PATCH 3/3] Use explicit UID/GID and show them in error message

---
 docker/server/Dockerfile | 2 +-
 docker/server/start.sh   | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/docker/server/Dockerfile b/docker/server/Dockerfile
index 10b4c6d..23c044b 100644
--- a/docker/server/Dockerfile
+++ b/docker/server/Dockerfile
@@ -10,7 +10,7 @@ VOLUME /data
 WORKDIR /data
 
 # running as a named unprivileged user
-RUN addgroup -S user && adduser -S user -G user
+RUN addgroup -S -g 1001 user && adduser -S -u 1001 user -G user
 RUN chown user:user /data
 USER user
 
diff --git a/docker/server/start.sh b/docker/server/start.sh
index 4abc411..f8b1e40 100755
--- a/docker/server/start.sh
+++ b/docker/server/start.sh
@@ -6,7 +6,7 @@ then
     # Check if /data is writable
     if [ ! -w /data ]
     then
-        echo "Data directory (mounted) at '/data' is not writable for container user 'user:user', ZIM file can not be written."
+        echo "'/data' directory is not writable by '$(id -n -u):$(id -n -g)' ($(id -u):$(id -g)). ZIM file(s) can not be written."
         exit 1
     fi